Published: 09 August 2017
Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.
From the Ubuntu security team
Kenton Varda discovered that the Cap'n Proto utility has a buffer overflow vulnerability. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code.
CVSS 3 base score: 9.8
Fixed in 0.4.1.1, 0.5.1.1, and 0.6